Block Download Based Download Sizes - MikroTik Script RouterOS

In This Articles, i want describe, how to block download more than 10 MB per Bytes.

Everybody Want To Download Big Size Files, After Downloaded 10 MB, Download Would Stop.

in This Example, i Want block download per Source And Destination.

For Example, Everybody can download file from one server, and he want open a new session with a new server for other works.

for this reason, we sign Source And Destinations with Srd Address List And Dst Address List, And Then Download More Than 10 MB stop for These Addresses.

We Need Three Rules.

Rule 1: Match And Assign Source Of Download To A New Address List. 
Rule 2: Match And Assign Destination of Download To A new Address list. 
Rule 3: Block Every Session ( Download ), That Size Is More That 10 MB.


/ip firewall filter
add action=add-src-to-address-list address-list=Src address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24

add action=add-dst-to-address-list address-list=Dst address-list-timeout=1h \
chain=forward connection-bytes=1970000-0 disabled=no protocol=tcp \
src-address=192.168.0.0/24

add action=drop chain=forward disabled=no dst-address-list=Dst protocol=tcp \
src-address-list=Src

In My Example, I Assign Every Users In 192.168.0.0/24 Subnet, They have more that 10 MB size to Download After that, in Last Rule, I Block That Session To block Download for 1 Hour.

If users want to download 40 MB file, every 10MB file downloaded, they need wait to 1 Hours, Also You can Change Connection Bytes Value And Address list Time out Value.

Also You can start this strategy base on File Extensions, Such as ( mp3,avi,flv,zip, ... )

Reza Moghadam

--MikroTik Certified Trainer 16:14, 12 April 2013 (UTC)

Credit: Mikrotik.com